shiro_02_身份认证加密( 五 )


2.自定义realm(重点)
.java
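package com.jwj.ssm.shiro;

import com.jwj.ssm.biz.UserBiz;
import com.jwj.ssm.model.User;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.util.ByteSource;
import org.springframework.beans.factory.annotation.Autowired;

/**
 * Custom Shiro realm that loads account data through {@link UserBiz}.
 *
 * @author 敢敢
 * @site www.javajwj.com
 * @company xxx company
 * @create 2022-08-25 19:19
 */
public class MyRealm extends AuthorizingRealm {

    // Supplied through setUserBiz(); kept public so existing callers are not broken.
    public UserBiz userBiz;

    /** @return the business service used to look users up */
    public UserBiz getUserBiz() {
        return userBiz;
    }

    /** @param userBiz the business service used to look users up */
    public void setUserBiz(UserBiz userBiz) {
        this.userBiz = userBiz;
    }

    /**
     * Authorization (see shiro-web.ini).
     *
     * <p>No roles or permissions are loaded yet. Shiro treats a {@code null} result as
     * "no roles, no permissions", so every role or permission check against this realm
     * is denied until this method is implemented.
     *
     * @param principalCollection the identity of the already authenticated subject
     * @return always {@code null}
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        return null;
    }

    /**
     * Authentication (see shiro.ini).
     *
     * <p>Looks the submitted user name up and hands the stored password hash and salt back
     * to Shiro. The comparison with the submitted password is not done here; it is done by
     * the credentials matcher configured on this realm (configuration not shown here).
     *
     * @param authenticationToken the token created from the login request
     * @return the stored account data, or {@code null} when the token has no principal or
     *         no such user exists
     * @throws AuthenticationException declared by the overridden method
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken)
            throws AuthenticationException {
        // A token without a user name cannot be matched to an account. Returning null
        // lets Shiro fail the login instead of hitting a NullPointerException on toString().
        Object principal = authenticationToken.getPrincipal();
        if (principal == null) {
            return null;
        }

        String userName = principal.toString();
        User user = userBiz.queryUserByUserName(userName);

        // Presumably the lookup yields null for an unknown user name (confirm against
        // UserBiz). Shiro reads a null result as "no account for this token", so an
        // unknown user becomes an ordinary login failure instead of an NPE below.
        if (user == null) {
            return null;
        }

        return new SimpleAuthenticationInfo(
                user.getUsername(),
                user.getPassword(),
                ByteSource.Util.bytes(user.getSalt()),
                this.getName() // name of this realm
        );
    }
}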
交给我们的 Spring 容器进行管理
.xml

3.与shiro的整合(注意)
①shiro 在加载的时候,上下文还没有加载完毕,所以@与@是不能使用的
② -shiro.xml 文件中,需要依赖的业务类,由于没有被配置,所以需要指定bean的id 通过@("具体的名字")
-shiro.xml
# URL filter rules. Shiro checks them top to bottom and the first matching pattern wins.
# The login endpoint is reachable without authentication.
/user/login=anon
# Requires an authenticated subject.
/user/updatePwd.jsp=authc
# Requires the "admin" role.
/admin/*.jsp=roles[admin]
# Requires the "user:update" permission.
/user/teacher.jsp=perms["user:update"]
# NOTE(review): no catch-all rule (such as /** = authc) appears in this excerpt, so a URL
# that matches none of the patterns above is not filtered by Shiro. Confirm against the full file.
# NOTE(review): the controller on this page maps /login and /logout, while the anon rule
# covers /user/login. Confirm that the paths line up (a class-level mapping is not shown).
.java
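package com.jwj.ssm.controller;

import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.subject.Subject;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;

import javax.servlet.http.HttpServletRequest;

/**
 * Login and logout endpoints backed by Shiro.
 *
 * <p>An earlier hand-rolled version stored "uname" in the HTTP session when it equalled a
 * hard-coded name, and invalidated the session on logout. It was replaced by the Shiro
 * calls below.
 *
 * @author 敢敢
 * @site www.javajwj.com
 * @company xxx company
 * @create 2022-08-20 12:12
 */
@Controller
public class LoginController {

    /**
     * Authenticates the submitted user name and password through Shiro.
     *
     * <p>NOTE(review): the mapping sets no HTTP method, so GET is accepted too and the
     * password can arrive in the query string, where it may end up in access logs or
     * browser history. Restrict the mapping to POST once the login form is confirmed to post.
     *
     * @param request the current request, read for the "username" and "password" parameters
     * @return the view name "main" on success, "login" on an authentication failure
     */
    @RequestMapping("/login")
    public String login(HttpServletRequest request) {
        String username = request.getParameter("username");
        String password = request.getParameter("password");

        // Build the token Shiro hands to the realm.
        UsernamePasswordToken token = new UsernamePasswordToken(username, password);

        try {
            // Fetch the current subject and attempt the login.
            Subject subject = SecurityUtils.getSubject();
            subject.login(token);
            return "main";
        } catch (AuthenticationException e) {
            // Only authentication failures are shown as "wrong credentials". Other faults
            // (for example a missing SecurityManager) now propagate instead of being
            // presented to the user as a bad password.
            // The message is the same for every failure, so it does not reveal whether
            // the account exists.
            // NOTE(review): failed attempts are not recorded here. Logging the user name
            // and source address (never the password) would help detect password guessing.
            request.setAttribute("message", "账户密码错误...");
            return "login";
        }
    }

    /**
     * Logs the current subject out.
     *
     * @param request the current request (unused)
     * @return the view name "login"
     */
    @RequestMapping("/logout")
    public String logout(HttpServletRequest request) {
        SecurityUtils.getSubject().logout();
        return "login";
    }
}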